packages/authselect
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix the failure of login by root

Browse Source 
(cherry picked from commit 915c44df6ff76de0e17311dc0d04b650816dc600)
This commit is contained in:
yixiangzhike 2023-05-30 18:59:33 +08:00 committed by openeuler-sync-bot
parent 3ab5f37585
commit f30bdb1dfc
2 changed files with 382 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
authselect.spec
View File

@ -1,6 +1,6 @@
Name: authselect Name: authselect
Version: 1.2.4 Version: 1.2.4
Release: 6 Release: 7
Summary: A tool to select system authentication and identity sources from a list of supported profiles Summary: A tool to select system authentication and identity sources from a list of supported profiles
License: GPLv3+ License: GPLv3+
URL: https://github.com/authselect/authselect URL: https://github.com/authselect/authselect
@ -9,6 +9,7 @@ Source0: https://github.com/authselect/authselect/archive/%{version}/%{nam
Patch0: authselect-revert-remove-authselect-compat-package.patch Patch0: authselect-revert-remove-authselect-compat-package.patch
Patch1: backport-main-Drop-an-unnecessary-NULL-check-before-free.patch Patch1: backport-main-Drop-an-unnecessary-NULL-check-before-free.patch
Patch2: backport-cli-fix-memory-handling-with-new-popt-library.patch Patch2: backport-cli-fix-memory-handling-with-new-popt-library.patch
Patch3: backport-profiles-update-nsswitch.conf-due-to-user-nsswitch.c.patch
BuildRequires: autoconf gettext-devel automake libtool popt-devel libcmocka-devel BuildRequires: autoconf gettext-devel automake libtool popt-devel libcmocka-devel
BuildRequires: m4 gcc pkgconfig pkgconfig(popt) po4a asciidoc python3-devel BuildRequires: m4 gcc pkgconfig pkgconfig(popt) po4a asciidoc python3-devel
@ -113,6 +114,9 @@ sed -i -E '/^\w+=$/d' %{_sysconfdir}/security/pwquality.conf.d/10-authconfig-pwq
exit 0 exit 0
%changelog %changelog
* Tue May 30 2023 yixiangzhike <yixiangzhike007@163.com> - 1.2.4-7
- fix the failure of login by root
* Mon Aug 15 2022 panxiaohe <panxh.life@foxmail.com> - 1.2.4-6 * Mon Aug 15 2022 panxiaohe <panxh.life@foxmail.com> - 1.2.4-6
- cli: fix memory handling with new popt library - cli: fix memory handling with new popt library

377
backport-profiles-update-nsswitch.conf-due-to-user-nsswitch.c.patch Normal file
View File

@ -0,0 +1,377 @@
From 3e3a473c66c24b621838c1285f1f808149d3967b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Tue, 16 Nov 2021 13:10:12 +0100
Subject: [PATCH] profiles: update nsswitch.conf due to user-nsswitch.conf
removal
user-nsswitch.conf support is now disabled by default, therefore
we need to support important modules (altfiles, mdns) and include
all databases again in the profile.
- add mdns support
- add altfiles support
- include all databases in all profiles
- reorder databases in order of likelihood (taken from glibc)
Resolves: https://github.com/authselect/authselect/issues/282
---
profiles/minimal/README | 56 ++++-----------------------------
profiles/minimal/nsswitch.conf | 30 +++++++++---------
profiles/nis/README | 57 +++++-----------------------------
profiles/nis/nsswitch.conf | 30 +++++++++---------
profiles/sssd/README | 32 ++++++-------------
profiles/sssd/nsswitch.conf | 23 ++++++++++----
profiles/winbind/README | 21 +++++--------
profiles/winbind/nsswitch.conf | 18 +++++++++--
8 files changed, 96 insertions(+), 171 deletions(-)
diff --git a/profiles/minimal/README b/profiles/minimal/README
index 131ff14..11548ba 100644
--- a/profiles/minimal/README
+++ b/profiles/minimal/README
@@ -35,58 +35,14 @@ with-pamaccess::
with-altfiles::
Use nss_altfiles for passwd and group nsswitch databases.
-without-nullok::
- Do not add nullok parameter to pam_unix.
-
-DISABLE SPECIFIC NSSWITCH DATABASES
------------------------------------
-
-Normally, nsswitch databases set by the profile overwrites values set in
-user-nsswitch.conf. The following options can force authselect to
-ignore value set by the profile and use the one set in user-nsswitch.conf
-instead.
-
-with-custom-aliases::
-Ignore "aliases" map set by the profile.
-
-with-custom-automount::
-Ignore "automount" map set by the profile.
-
-with-custom-ethers::
-Ignore "ethers" map set by the profile.
-
-with-custom-group::
-Ignore "group" map set by the profile.
-
-with-custom-hosts::
-Ignore "hosts" map set by the profile.
+with-mdns4::
+ Enable multicast DNS over IPv4.
-with-custom-initgroups::
-Ignore "initgroups" map set by the profile.
+with-mdns6::
+ Enable multicast DNS over IPv6.
-with-custom-netgroup::
-Ignore "netgroup" map set by the profile.
-
-with-custom-networks::
-Ignore "networks" map set by the profile.
-
-with-custom-passwd::
-Ignore "passwd" map set by the profile.
-
-with-custom-protocols::
-Ignore "protocols" map set by the profile.
-
-with-custom-publickey::
-Ignore "publickey" map set by the profile.
-
-with-custom-rpc::
-Ignore "rpc" map set by the profile.
-
-with-custom-services::
-Ignore "services" map set by the profile.
-
-with-custom-shadow::
-Ignore "shadow" map set by the profile.
+without-nullok::
+ Do not add nullok parameter to pam_unix.
EXAMPLES
--------
diff --git a/profiles/minimal/nsswitch.conf b/profiles/minimal/nsswitch.conf
index a9e4bc7..6c3c355 100644
--- a/profiles/minimal/nsswitch.conf
+++ b/profiles/minimal/nsswitch.conf
@@ -1,14 +1,16 @@
-aliases: files {exclude if "with-custom-aliases"}
-automount: files {exclude if "with-custom-automount"}
-ethers: files {exclude if "with-custom-ethers"}
-group: files {if "with-altfiles":altfiles }systemd {exclude if "with-custom-group"}
-hosts: resolve [!UNAVAIL=return] files myhostname dns {exclude if "with-custom-hosts"}
-initgroups: files {exclude if "with-custom-initgroups"}
-netgroup: files {exclude if "with-custom-netgroup"}
-networks: files {exclude if "with-custom-networks"}
-passwd: files {if "with-altfiles":altfiles }systemd {exclude if "with-custom-passwd"}
-protocols: files {exclude if "with-custom-protocols"}
-publickey: files {exclude if "with-custom-publickey"}
-rpc: files {exclude if "with-custom-rpc"}
-services: files {exclude if "with-custom-services"}
-shadow: files {exclude if "with-custom-shadow"}
\ No newline at end of file
+# In order of likelihood of use to accelerate lookup.
+passwd: files {if "with-altfiles":altfiles }systemd
+shadow: files
+group: files {if "with-altfiles":altfiles }systemd
+hosts: files {if "with-mdns4" and "with-mdns6":mdns_minimal }{if "with-mdns4" and not "with-mdns6":mdns4_minimal }{if not "with-mdns4" and "with-mdns6":mdns6_minimal }resolve [!UNAVAIL=return] myhostname dns
+services: files
+netgroup: files
+automount: files
+
+aliases: files
+ethers: files
+gshadow: files
+networks: files dns
+protocols: files
+publickey: files
+rpc: files
diff --git a/profiles/nis/README b/profiles/nis/README
index 5dbb9b4..9f629db 100644
--- a/profiles/nis/README
+++ b/profiles/nis/README
@@ -50,58 +50,17 @@ with-nispwquality::
for NIS users as well as local users during password change. Without this
option only local users passwords are checked.
-without-nullok::
- Do not add nullok parameter to pam_unix.
-
-DISABLE SPECIFIC NSSWITCH DATABASES
------------------------------------
-
-Normally, nsswitch databases set by the profile overwrites values set in
-user-nsswitch.conf. The following options can force authselect to
-ignore value set by the profile and use the one set in user-nsswitch.conf
-instead.
-
-with-custom-aliases::
-Ignore "aliases" map set by the profile.
-
-with-custom-automount::
-Ignore "automount" map set by the profile.
-
-with-custom-ethers::
-Ignore "ethers" map set by the profile.
-
-with-custom-group::
-Ignore "group" map set by the profile.
-
-with-custom-hosts::
-Ignore "hosts" map set by the profile.
+with-altfiles::
+ Use nss_altfiles for passwd and group nsswitch databases.
-with-custom-initgroups::
-Ignore "initgroups" map set by the profile.
+with-mdns4::
+ Enable multicast DNS over IPv4.
-with-custom-netgroup::
-Ignore "netgroup" map set by the profile.
+with-mdns6::
+ Enable multicast DNS over IPv6.
-with-custom-networks::
-Ignore "networks" map set by the profile.
-
-with-custom-passwd::
-Ignore "passwd" map set by the profile.
-
-with-custom-protocols::
-Ignore "protocols" map set by the profile.
-
-with-custom-publickey::
-Ignore "publickey" map set by the profile.
-
-with-custom-rpc::
-Ignore "rpc" map set by the profile.
-
-with-custom-services::
-Ignore "services" map set by the profile.
-
-with-custom-shadow::
-Ignore "shadow" map set by the profile.
+without-nullok::
+ Do not add nullok parameter to pam_unix.
EXAMPLES
--------
diff --git a/profiles/nis/nsswitch.conf b/profiles/nis/nsswitch.conf
index 50a3ffb..e60eeaa 100644
--- a/profiles/nis/nsswitch.conf
+++ b/profiles/nis/nsswitch.conf
@@ -1,14 +1,16 @@
-aliases: files nis {exclude if "with-custom-aliases"}
-automount: files nis {exclude if "with-custom-automount"}
-ethers: files nis {exclude if "with-custom-ethers"}
-group: files nis systemd {exclude if "with-custom-group"}
-hosts: resolve [!UNAVAIL=return] files nis myhostname dns {exclude if "with-custom-hosts"}
-initgroups: files nis {exclude if "with-custom-initgroups"}
-netgroup: files nis {exclude if "with-custom-netgroup"}
-networks: files nis {exclude if "with-custom-networks"}
-passwd: files nis systemd {exclude if "with-custom-passwd"}
-protocols: files nis {exclude if "with-custom-protocols"}
-publickey: files nis {exclude if "with-custom-publickey"}
-rpc: files nis {exclude if "with-custom-rpc"}
-services: files nis {exclude if "with-custom-services"}
-shadow: files nis {exclude if "with-custom-shadow"}
+# In order of likelihood of use to accelerate lookup.
+passwd: files {if "with-altfiles":altfiles }nis systemd
+shadow: files nis
+group: files {if "with-altfiles":altfiles }nis systemd
+hosts: files {if "with-mdns4" and "with-mdns6":mdns_minimal }{if "with-mdns4" and not "with-mdns6":mdns4_minimal }{if not "with-mdns4" and "with-mdns6":mdns6_minimal }resolve [!UNAVAIL=return] nis myhostname dns
+services: files nis
+netgroup: files nis
+automount: files nis
+
+aliases: files nis
+ethers: files nis
+gshadow: files nis
+networks: files nis dns
+protocols: files nis
+publickey: files nis
+rpc: files nis
diff --git a/profiles/sssd/README b/profiles/sssd/README
index 59871f7..fff913a 100644
--- a/profiles/sssd/README
+++ b/profiles/sssd/README
@@ -79,6 +79,15 @@ with-sudo::
with-pamaccess::
Check access.conf during account authorization.
+with-altfiles::
+ Use nss_altfiles for passwd and group nsswitch databases.
+
+with-mdns4::
+ Enable multicast DNS over IPv4.
+
+with-mdns6::
+ Enable multicast DNS over IPv6.
+
with-files-domain::
If set, SSSD will be contacted before "files" when resolving users and
groups. The order in nsswitch.conf will be set to "sss files" instead of
@@ -97,29 +106,6 @@ with-files-access-provider::
without-nullok::
Do not add nullok parameter to pam_unix.
-DISABLE SPECIFIC NSSWITCH DATABASES
------------------------------------
-
-Normally, nsswitch databases set by the profile overwrites values set in
-user-nsswitch.conf. The following options can force authselect to
-ignore value set by the profile and use the one set in user-nsswitch.conf
-instead.
-
-with-custom-passwd::
-Ignore "passwd" database set by the profile.
-
-with-custom-group::
-Ignore "group" database set by the profile.
-
-with-custom-netgroup::
-Ignore "netgroup" database set by the profile.
-
-with-custom-automount::
-Ignore "automount" database set by the profile.
-
-with-custom-services::
-Ignore "services" database set by the profile.
-
EXAMPLES
--------
diff --git a/profiles/sssd/nsswitch.conf b/profiles/sssd/nsswitch.conf
index 91c9fe9..526cbae 100644
--- a/profiles/sssd/nsswitch.conf
+++ b/profiles/sssd/nsswitch.conf
@@ -1,6 +1,17 @@
-passwd: {if "with-files-domain":sss files|files sss} systemd {exclude if "with-custom-passwd"}
-group: {if "with-files-domain":sss files|files sss} systemd {exclude if "with-custom-group"}
-netgroup: sss files {exclude if "with-custom-netgroup"}
-automount: sss files {exclude if "with-custom-automount"}
-services: sss files {exclude if "with-custom-services"}
-sudoers: files sss {include if "with-sudo"}
+# In order of likelihood of use to accelerate lookup.
+passwd: {if "with-files-domain":sss }files {if "with-altfiles":altfiles }{if not "with-files-domain":sss }systemd
+shadow: files
+group: {if "with-files-domain":sss }files {if "with-altfiles":altfiles }{if not "with-files-domain":sss }systemd
+hosts: files {if "with-mdns4" and "with-mdns6":mdns_minimal }{if "with-mdns4" and not "with-mdns6":mdns4_minimal }{if not "with-mdns4" and "with-mdns6":mdns6_minimal }resolve [!UNAVAIL=return] myhostname dns
+services: files sss
+netgroup: files sss
+sudoers: files sss {include if "with-sudo"}
+automount: files sss
+
+aliases: files
+ethers: files
+gshadow: files
+networks: files dns
+protocols: files
+publickey: files
+rpc: files
diff --git a/profiles/winbind/README b/profiles/winbind/README
index 40a1a45..39a15fc 100644
--- a/profiles/winbind/README
+++ b/profiles/winbind/README
@@ -60,22 +60,17 @@ with-silent-lastlog::
with-pamaccess::
Check access.conf during account authorization.
-without-nullok::
- Do not add nullok parameter to pam_unix.
-
-DISABLE SPECIFIC NSSWITCH DATABASES
------------------------------------
+with-altfiles::
+ Use nss_altfiles for passwd and group nsswitch databases.
-Normally, nsswitch databases set by the profile overwrites values set in
-user-nsswitch.conf. The following options can force authselect to
-ignore value set by the profile and use the one set in user-nsswitch.conf
-instead.
+with-mdns4::
+ Enable multicast DNS over IPv4.
-with-custom-passwd::
-Ignore "passwd" database set by the profile.
+with-mdns6::
+ Enable multicast DNS over IPv6.
-with-custom-group::
-Ignore "group" database set by the profile.
+without-nullok::
+ Do not add nullok parameter to pam_unix.
EXAMPLES
--------
diff --git a/profiles/winbind/nsswitch.conf b/profiles/winbind/nsswitch.conf
index 8a23bd7..b3ea72d 100644
--- a/profiles/winbind/nsswitch.conf
+++ b/profiles/winbind/nsswitch.conf
@@ -1,2 +1,16 @@
-passwd: files winbind systemd {exclude if "with-custom-passwd"}
-group: files winbind systemd {exclude if "with-custom-group"}
+# In order of likelihood of use to accelerate lookup.
+passwd: files {if "with-altfiles":altfiles }winbind systemd
+shadow: files
+group: files {if "with-altfiles":altfiles }winbind systemd
+hosts: files {if "with-mdns4" and "with-mdns6":mdns_minimal }{if "with-mdns4" and not "with-mdns6":mdns4_minimal }{if not "with-mdns4" and "with-mdns6":mdns6_minimal }resolve [!UNAVAIL=return] myhostname dns
+services: files
+netgroup: files
+automount: files
+
+aliases: files
+ethers: files
+gshadow: files
+networks: files dns
+protocols: files
+publickey: files
+rpc: files
--
2.27.0